bumblebee

General

Target

porc.ps1
Size

2.2MB
Sample

230222-ypc7gsfb4s
MD5

bcb9a789e65a2cae71bd1c3d0cb46f39
SHA1

a8160d88ffb19f038709478d8ae44d06f59803d3
SHA256

0ba8f658d5e820155f0cd63d4803843a55a8298f23d4e5c5a8a00a72f4b99aae
SHA512

cf09c45a41432c7dccb31d0a9861bde7a646a07f6017e2067093da828277aa7ba5ecea1dcd21ece75ba0cd0a9b974e8e94acfb0c0ce68615ddccaeb00f04d1ce
SSDEEP

24576:UFva7yGVSb9fQOF+Xx/RGv8FKPtRK4stbfnuV00t71my5HsDjT6y7i9n:PKQOs5Rr4CAuDP7O

Score

10^/10

Malware Config

Extracted

Family

bumblebee

rc4.plain

Extracted

Family

bumblebee

Botnet

212lg

C2

91.206.178.234:443

194.135.33.85:443

104.168.157.253:443

51.75.62.204:443

172.86.120.111:443

194.135.33.184:443

185.173.34.35:443

107.189.12.129:443

205.185.113.34:443

23.82.140.155:443

209.141.53.174:443

146.19.173.86:443

160.20.147.242:443

51.68.144.43:443

173.234.155.246:443

195.133.192.10:443

103.175.16.104:443

107.189.5.17:443

23.254.167.63:443

209.141.40.19:443

rc4.plain

Targets

- Target
  
  porc.ps1
- Size
  
  2.2MB
- MD5
  
  bcb9a789e65a2cae71bd1c3d0cb46f39
- SHA1
  
  a8160d88ffb19f038709478d8ae44d06f59803d3
- SHA256
  
  0ba8f658d5e820155f0cd63d4803843a55a8298f23d4e5c5a8a00a72f4b99aae
- SHA512
  
  cf09c45a41432c7dccb31d0a9861bde7a646a07f6017e2067093da828277aa7ba5ecea1dcd21ece75ba0cd0a9b974e8e94acfb0c0ce68615ddccaeb00f04d1ce
- SSDEEP
  
  24576:UFva7yGVSb9fQOF+Xx/RGv8FKPtRK4stbfnuV00t71my5HsDjT6y7i9n:PKQOs5Rr4CAuDP7O
Score

10^/10

bumblebee 212lg trojan
- BumbleBee
  BumbleBee is a webshell malware written in C++.
  trojan bumblebee
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Blocklisted process makes network request

Suspicious use of NtCreateThreadExHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2